LDAP Object Class

The concept of object here is similar to concept of object in Object Oriented Programming.

In Lightweight Directory Access Protocol (LDAP), object class is a set of attributes.It is defined inside a schema and may be organized in a hierarchy. This concept is similar to object in real world, where object in real world might consists of other elements. For example: a car is assembly of tire, wheel, chassis, engine, etc. An object class is not different from that. An object in LDAP is a collection of attributes.

When we said a class (in object class) we refer to the design / blueprint. We can create as many car as we want from a blueprint with same specification, same power, same dimension, everything same. And also object class is. An object class is a blueprint to create an object we can use in LDAP. When an object is created, it is an instance of an object class.

Object class is hierarchical. It can inherit attributes from its parent. In real world, we can say that an object motorcycle is derived from a bicycle. It is a bike with an engine. In LDAP, we can see that object class InetOrgPerson is a descendant of object class organizationalPerson and inherit avery attributes organizationalPerson has.

To define an object class, we follow this syntax:

1

2

3

4

5

6

7

8

9

objectclass whsp"("whsp numericoid whsp

["NAME"qdescrs]

["DESC"qdescrs]

["OBSOLETE"whsp]

["SUP"oids]

[("ABSTRACT"/"STRUCTURAL"/AUXILIARY" ) whsp ]

[ "MUST" oids ]

[ "MAY" oids ]

whsp ")"

An object class is declared by a keyword objectclass and followed by a whitespace (whsp) and a numericoid or Organizational Identification number. This number should be unique globally if we want to build an enterprise system. The numericoid is used for identifying object class, attributes, syntax, matching rules, etc. The numericoid is assigned by IANA. If you want to build an enterprise level and a production machine, please acquired one. If you just want to experiment, you can do that in private network with any numericoid.

Let’s dive deeper into the object class declaration:

NAME

Defined the object class’ name. This name should be unique globally.

DESC

Description for this object class.

OBSOLETE

Optional. When this object class is defined as obsolete, LDAP is informed that the object class is obsoleted and should not be used.

SUP

Optional. Define parent / super class of this object class. The object class given in this argument will act as parent and the newly create object class will inherit all properties from the parent object class.

ABSTRACT / STRUCTURAL / AUXILIARY

Define types of object class.

An abstract class defining an abstract class / non existing class / class that should not be exists. Well this is ambiguous, but it means the abstract class can not be instantiated in DIT.

A structural class defining a common node in hierarchy. The class can be instantiated as a node in LDAP tree (DIT).

An auxiliary class is an object with attributes but unlike structural class, it cannot create its own instance in DIT. This object should be used as auxiliary of complement of structural class.

MUST

Define attributes that should be exists if we want to use this object. The given object should be written as a list separated by dollar sign $.

MAY

Define optional attributes that can exists in this class.

Let see one example:

1

2

3

objectclass(2.3.4.5NAME'country'SUP top STRUCTURAL

MUSTc

MAY(searchGuide$description))

We can write them cascade like in the example, or as one long line.

In above example, we define an object class with OID 2.3.4.5. This object class’ name is country having top as a parent. This class is structural. An attribute countryName or c should declared before using this object. Attribute searchGuide is an optional.